I am Stumped!

How to register a unique name in an internal Dynamic DNS; the outside
DHCP address of a multihomed server?


I have an ISA Server 2006, it has a DHCP address from my ISP and a
fixed internal NAT address on the inside. The PDC is inside the NAT
and running WINS, DHCP and Dynamic DNS.


The ISA Server domain named FIREWALL has this config
-----------------------------------------------------------------------------

Nic-1 fixed IP 192.168.1.1 FIREWALL.home.domain.com on internal DNS
and WINS
Nic-2 DHCP IP x.y.z.a Ureliable????.Mammoth-ISP.com set to DHCP
from my ISP
(I want a Dynaic DNS name like DIRTY.home.domain.com for Nic-2)


How do i keep the proper config for the internal side so when i ping
FIREWALL i get 192.168.1.1 but i can also ping DIRTY and get (x.y.z.a)
the current outside DHCP address from my ISP?


How can a multihomed external ISP created DHCP Address be uniquely
registered on an internal DNS Server?


Thanks if anyone can , Please.

In news:1152850938.272146.115010@35g2000cwc.googlegro ups.com,
AgarGuest <agarguest@gmail.com> stated, which I commented on below:
> I am Stumped!
>
> How to register a unique name in an internal Dynamic DNS; the outside
> DHCP address of a multihomed server?
>
>
> I have an ISA Server 2006, it has a DHCP address from my ISP and a
> fixed internal NAT address on the inside. The PDC is inside the NAT
> and running WINS, DHCP and Dynamic DNS.
>
>
> The ISA Server domain named FIREWALL has this config
> -----------------------------------------------------------------------------
>
> Nic-1 fixed IP 192.168.1.1 FIREWALL.home.domain.com on internal DNS
> and WINS
> Nic-2 DHCP IP x.y.z.a Ureliable????.Mammoth-ISP.com set to DHCP
> from my ISP
> (I want a Dynaic DNS name like DIRTY.home.domain.com for Nic-2)
>
>
> How do i keep the proper config for the internal side so when i ping
> FIREWALL i get 192.168.1.1 but i can also ping DIRTY and get (x.y.z.a)
> the current outside DHCP address from my ISP?
>
>
> How can a multihomed external ISP created DHCP Address be uniquely
> registered on an internal DNS Server?
>
>
> Thanks if anyone can , Please.

I'm assuming both interfaces are pointed to the internal DNS? Unless the
DHCP obtained configuration is pointing the outside NIC to the ISP? If the
outside NIC is registering in the internal DNS zone, then it's telling me
they are both pointed to the internal DNS.

You can stop registration of both interfaces into DNS. This way they don't
register with the same name and two different IPs. Then you can manually
create the necessary records with their respective IPs in your internal
zone, such as for dirty and firewall.

Since the ISA is not a DC (assuming this as well), you can simply uncheck
'Register This interface in DNS" in IP properties, DNS tab on both
interfaces to stop registration. If this is a DC, then see these links for
more info. These articles explain how to stop registration thru the
registry. If it's a DC, pay attention to the LdapIpAddress, and if it's a
GC, pay attention to the GcIpAddress.

246804 - How to enable or disable DNS updates in Windows 2000 and in Windows
Server 2003
http://support.microsoft.com/?id=246804

295328 - Private Network Interfaces on a Domain Controller Are Registered in
DNS
[also shows DnsAvoidRegisterRecords LdapIpAddress to avoid reg sameasparent
private IP]:
http://support.microsoft.com/?id=295328

You'll also want to change the binding order to force the internal NIC at
the top of the list. This dictates which NIC is asked first for network
services. That's done in Network Connections window, Advanced/Advanced, move
the internal NIC to the top.

Keep in mind, and saying this because I do not know how you have your
infrastrucuture configured, that if both NICs are pointed to the internal
DNS, or even if you want to allow DNS traffic from the internal DNS servers,
you'l; need to create a rule and allow it.

You may also want to post this question in the ISA group for specific ISA
questions regarding how to's on the rules, etc, but I believe I covered the
DNS issues.

--
Ace
Innovative IT Concepts, Inc
Willow Grove, PA

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.
It's easy:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

The only constant in life is change...

thanks Ace,

that sure s, i never thought of leaving the outside to update then
fixing the inside. its couter intuitive, you are great. cheers. i'm
almost done with this problem.

-Agar

Ace Fekay [MVP] wrote:
> In news:1152850938.272146.115010@35g2000cwc.googlegro ups.com,
> AgarGuest <agarguest@gmail.com> stated, which I commented on below:
> > I am Stumped!
> >
> > How to register a unique name in an internal Dynamic DNS; the outside
> > DHCP address of a multihomed server?
> >
> >
> > I have an ISA Server 2006, it has a DHCP address from my ISP and a
> > fixed internal NAT address on the inside. The PDC is inside the NAT
> > and running WINS, DHCP and Dynamic DNS.
> >
> >
> > The ISA Server domain named FIREWALL has this config
> > -----------------------------------------------------------------------------
> >
> > Nic-1 fixed IP 192.168.1.1 FIREWALL.home.domain.com on internal DNS
> > and WINS
> > Nic-2 DHCP IP x.y.z.a Ureliable????.Mammoth-ISP.com set to DHCP
> > from my ISP
> > (I want a Dynaic DNS name like DIRTY.home.domain.com for Nic-2)
> >
> >
> > How do i keep the proper config for the internal side so when i ping
> > FIREWALL i get 192.168.1.1 but i can also ping DIRTY and get (x.y.z.a)
> > the current outside DHCP address from my ISP?
> >
> >
> > How can a multihomed external ISP created DHCP Address be uniquely
> > registered on an internal DNS Server?
> >
> >
> > Thanks if anyone can , Please.
>
> I'm assuming both interfaces are pointed to the internal DNS? Unless the
> DHCP obtained configuration is pointing the outside NIC to the ISP? If the
> outside NIC is registering in the internal DNS zone, then it's telling me
> they are both pointed to the internal DNS.
>
> You can stop registration of both interfaces into DNS. This way they don't
> register with the same name and two different IPs. Then you can manually
> create the necessary records with their respective IPs in your internal
> zone, such as for dirty and firewall.
>
> Since the ISA is not a DC (assuming this as well), you can simply uncheck
> 'Register This interface in DNS" in IP properties, DNS tab on both
> interfaces to stop registration. If this is a DC, then see these links for
> more info. These articles explain how to stop registration thru the
> registry. If it's a DC, pay attention to the LdapIpAddress, and if it's a
> GC, pay attention to the GcIpAddress.
>
> 246804 - How to enable or disable DNS updates in Windows 2000 and in Windows
> Server 2003
> http://support.microsoft.com/?id=246804
>
> 295328 - Private Network Interfaces on a Domain Controller Are Registeredin
> DNS
> [also shows DnsAvoidRegisterRecords LdapIpAddress to avoid reg sameasparent
> private IP]:
> http://support.microsoft.com/?id=295328
>
> You'll also want to change the binding order to force the internal NIC at
> the top of the list. This dictates which NIC is asked first for network
> services. That's done in Network Connections window, Advanced/Advanced, move
> the internal NIC to the top.
>
> Keep in mind, and saying this because I do not know how you have your
> infrastrucuture configured, that if both NICs are pointed to the internal
> DNS, or even if you want to allow DNS traffic from the internal DNS servers,
> you'l; need to create a rule and allow it.
>
> You may also want to post this question in the ISA group for specific ISA
> questions regarding how to's on the rules, etc, but I believe I covered the
> DNS issues.
>
> --
> Ace
> Innovative IT Concepts, Inc
> Willow Grove, PA
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft MVP - Directory Services
> Microsoft Certified Trainer
>
> Having difficulty reading or finding responses to your post?
> Instead of the website you're using, I suggest to use OEx (Outlook Express
> or any other newsreader), and configure a news account, pointing to
> news.microsoft.com. This is a direct link to the Microsoft Public
> Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
> to easily find, track threads, cross-post, sort by date, poster's name,
> watched threads or subject.
> It's easy:
>
> How to Configure OEx for Internet News
> http://support.microsoft.com/?id=171164
>
> Infinite Diversities in Infinite Combinations
> Assimilation Imminent. Resistance is Futile
> "Very funny Scotty. Now, beam down my clothes."
>
> The only constant in life is change...

In news:1153091248.056830.5420@75g2000cwc.googlegroup s.com,
AgarGuest <agarguest@gmail.com> stated, which I commented on below:
> thanks Ace,
>
> that sure s, i never thought of leaving the outside to update then
> fixing the inside. its couter intuitive, you are great. cheers. i'm
> almost done with this problem.
>
> -Agar

Glad I can be of service.

Ace